|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I agree with this the essence of the question is: (1) what is the best language to describe the authentication of a key, i.e. making sure the key really belongs to the person you expect it belongs to. (2) what is the best language to describe your decision regarding the character and trustworthyness of the owner of a particular key we should teach people to answer question(1) first as there can be no meaningful discussion of question(2) untill be have decided what person we are describing. validity was always a bad choice of language as that would describe whether or not GnuPG would process or reject the key. i.e. to my thinking the key is 'valid" if GnuPG can process it. if GnuPG does process they key then the questions are, (1) OK, whose key is this, anyhow, and (2) what sort of person is associated with this key,-- a careful person with understanding of PGP ? I might assign full trust; otherwise the key is un-trusted. this is critical as an untrusted key is not useful in authenticating any new keys which may be received later i don't think we should dilute this process with "TOFU" either. it's critical for people to get used to authenticatiing identifications in our digital world. just as noted by Mr. Diffie Hellman On 09/18/2015 04:57 PM, Robert J. Hansen wrote: >> After thinking about this for a time, I'd rather suggest to >> completely remove the feature "Display untrusted keys". > > After thinking about this and the poor-language issue in general, I've > come to the following conclusions: > > 1. I'm absolutely right when I said that we need to only change the > language *once*. > 2. Other people are right when they say that we need to change the > language. > > So here's what I'm proposing: we revisit the language issue ourselves, > right now. If we wait on a loose consensus process, we're never going > to get anywhere. We have to get out ahead of this, drive this, but our > ultimate decision has to be informed by at least GnuPG, and maybe > Symantec's PGP as well. > > The #1 use case is "Untrusted good signature". This is really two > separate statements: "(Non-validated in the certificate sense) (valid in > the signature sense) signature." How should we represent this to the > end-user? If you can't clearly improve on "Untrusted good signature," > then your proposal's probably not going to fly. > > Throw out your best ideas. Don't feel condemned to just using language! > Could icons, user interface elements, etc., better represent this? > > As far as timelines go, here's my proposal: > > Today -- start discussing better language. The suggestion box is open. > > February 14 -- the suggestion box closes. No new entries will be > considered, but discussion continues. > > March 1 -- bring the best of the suggestion box to Circumvention. Get > their feedback. > > April 1 -- decide on our final language proposal; give it to Werner. > > June 1 -- make final decision on new language. > > July 1 -- aim for having new language committed to the Enigmail source > tree, ready for next release > > > > _______________________________________________ > enigmail-users mailing list > [email protected] > To unsubscribe or make changes to your subscription click here: > https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net - -- /Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJV/IAiAAoJEPbpQbFN6g2tP9UQANxi0hvjHqO9+/lLw9JYGmTy 2y37VPzyRF64MTH4NJakiX+Bnhpc+Bi5/Pq0ZdxmoST2t8KyEbh1VOPByTNH/7Hi GJ8s09Cz1CmhCVS84XS3MnpTrfsXWbVxkZaThQi4EnhLIGvshflUnkliQ4tnysnY zncC0TaT/lhOTKgZJz+JWjYeHyXuyCwCJrueSLQhAz1n2BR897zNbule9OyizjSF 4Hobyx2IN9GTBa5+SUiRb3o/3sCabbCkcd1ASJQZNSjihTHX/nzpQI9sktW1jYFR sEqmKGyh0nrVP1M3cPhjg1dRfcAwjEdfiNmnje8xCRe0AhBID237JRZKbpceOHIv 0Ko3xRUP5+g27HgxZEvcun2jG/LatY7D40bPwuZrHo6ULYW1L51S9PQZ8Rj4bkWI AXQ8zaI/rJfHXclEj9B0yUBUyKzq52JM8VD7za7z6c1sEeBLrFpT5SlzReZABh2u UQ85bCRZZK/IgUUOVYuxBoLiyEJRYx5d3v4pUyNf63hhiTb6focqi70fd2yrl3Xz sKyEhMNmcb+eGRIDgJuhAiLAnAjbUFK09Pz6I1b5MjhvbAWkvBQeg4BAl1uAd4qd /g/1fCxMdt65WLRnBk+NYjGEpxGA5NW2RkBvGFgwgUeNgUiuDXirtjwC6Avuw44v viY6hHJ6jRjo2cDPPTr5 =rxiC -----END PGP SIGNATURE----- |
_______________________________________________ enigmail-users mailing list [email protected] To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
